@agentforge-io/nest 0.2.0

package/dist/modules/auth/guards/oauth-configured.guard.js

@@ -0,0 +1,51 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OAuthConfiguredGuard = exports.OAuthProvider = exports.OAUTH_PROVIDER_KEY = void 0;
+const common_1 = require("@nestjs/common");
+const core_1 = require("@nestjs/core");
+const constants_1 = require("../../../constants");
+exports.OAUTH_PROVIDER_KEY = 'agentforge:oauthProvider';
+const OAuthProvider = (provider) => (0, common_1.SetMetadata)(exports.OAUTH_PROVIDER_KEY, provider);
+exports.OAuthProvider = OAuthProvider;
+let OAuthConfiguredGuard = class OAuthConfiguredGuard {
+    constructor(reflector, config) {
+        this.reflector = reflector;
+        this.config = config;
+    }
+    canActivate(ctx) {
+        const provider = this.reflector.getAllAndOverride(exports.OAUTH_PROVIDER_KEY, [
+            ctx.getHandler(),
+            ctx.getClass(),
+        ]);
+        if (!provider)
+            return true;
+        const strategies = this.config.auth?.strategies ?? [];
+        const enabled = strategies.includes(provider);
+        const hasCreds = provider === 'google' ? !!this.config.auth?.google :
+            provider === 'github' ? !!this.config.auth?.github :
+                false;
+        if (!enabled || !hasCreds) {
+            throw new common_1.NotFoundException(`OAuth provider "${provider}" is not configured`);
+        }
+        return true;
+    }
+};
+exports.OAuthConfiguredGuard = OAuthConfiguredGuard;
+exports.OAuthConfiguredGuard = OAuthConfiguredGuard = __decorate([
+    (0, common_1.Injectable)(),
+    __param(1, (0, common_1.Inject)(constants_1.AGENT_FORGE_CONFIG)),
+    __metadata("design:paramtypes", [core_1.Reflector, Object])
+], OAuthConfiguredGuard);
+//# sourceMappingURL=oauth-configured.guard.js.map

package/dist/modules/auth/guards/oauth-configured.guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-configured.guard.js","sourceRoot":"","sources":["../../../../src/modules/auth/guards/oauth-configured.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAOwB;AACxB,uCAAyC;AACzC,kDAAwD;AAG3C,QAAA,kBAAkB,GAAG,0BAA0B,CAAC;AAGtD,MAAM,aAAa,GAAG,CAAC,QAA0B,EAAE,EAAE,CAC1D,IAAA,oBAAW,EAAC,0BAAkB,EAAE,QAAQ,CAAC,CAAC;AAD/B,QAAA,aAAa,iBACkB;AAQrC,IAAM,oBAAoB,GAA1B,MAAM,oBAAoB;IAC/B,YACmB,SAAoB,EACQ,MAAwB;QADpD,cAAS,GAAT,SAAS,CAAW;QACQ,WAAM,GAAN,MAAM,CAAkB;IACpE,CAAC;IAEJ,WAAW,CAAC,GAAqB;QAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAmB,0BAAkB,EAAE;YACtF,GAAG,CAAC,UAAU,EAAE;YAChB,GAAG,CAAC,QAAQ,EAAE;SACf,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC;QAE3B,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,UAAU,IAAI,EAAE,CAAC;QACtD,MAAM,OAAO,GAAG,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC9C,MAAM,QAAQ,GACZ,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YACpD,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;gBACpD,KAAK,CAAC;QAER,IAAI,CAAC,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,MAAM,IAAI,0BAAiB,CAAC,mBAAmB,QAAQ,qBAAqB,CAAC,CAAC;QAChF,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAA;AAzBY,oDAAoB;+BAApB,oBAAoB;IADhC,IAAA,mBAAU,GAAE;IAIR,WAAA,IAAA,eAAM,EAAC,8BAAkB,CAAC,CAAA;qCADC,gBAAS;GAF5B,oBAAoB,CAyBhC"}

package/dist/modules/auth/oauth.controller.d.ts

@@ -0,0 +1,20 @@
+import type { Request, Response } from 'express';
+import { AuthService } from '@agentforge/core';
+import type { AgentForgeConfig } from '../../types';
+export declare class OAuthController {
+    private readonly config;
+    private readonly auth;
+    private readonly logger;
+    constructor(config: AgentForgeConfig, auth: AuthService);
+    google(res: Response): void;
+    googleCallback(code: string | undefined, state: string | undefined, providerError: string | undefined, req: Request, res: Response): Promise<void>;
+    github(res: Response): void;
+    githubCallback(code: string | undefined, state: string | undefined, providerError: string | undefined, req: Request, res: Response): Promise<void>;
+    private startFlow;
+    private finishFlow;
+    private successRedirect;
+    private redirectFailure;
+    private metaFrom;
+    private setSessionCookies;
+    private parseAccessTtlMs;
+}

package/dist/modules/auth/oauth.controller.js

@@ -0,0 +1,208 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+var OAuthController_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OAuthController = void 0;
+const common_1 = require("@nestjs/common");
+const swagger_1 = require("@nestjs/swagger");
+const core_1 = require("@agentforge/core");
+const public_decorator_1 = require("./decorators/public.decorator");
+const oauth_configured_guard_1 = require("./guards/oauth-configured.guard");
+const constants_1 = require("../../constants");
+const ACCESS_COOKIE_DEFAULT_MS = 15 * 60 * 1000;
+const ONE_DAY_MS = 24 * 60 * 60 * 1000;
+let OAuthController = OAuthController_1 = class OAuthController {
+    constructor(config, auth) {
+        this.config = config;
+        this.auth = auth;
+        this.logger = new common_1.Logger(OAuthController_1.name);
+    }
+    google(res) {
+        this.startFlow('google', res);
+    }
+    googleCallback(code, state, providerError, req, res) {
+        return this.finishFlow('google', { code, state, providerError, req, res });
+    }
+    github(res) {
+        this.startFlow('github', res);
+    }
+    githubCallback(code, state, providerError, req, res) {
+        return this.finishFlow('github', { code, state, providerError, req, res });
+    }
+    startFlow(provider, res) {
+        const spec = (0, core_1.getOAuthProviderSpec)(provider);
+        const cfg = provider === 'google'
+            ? this.config.auth?.google
+            : provider === 'github'
+                ? this.config.auth?.github
+                : undefined;
+        if (!spec || !cfg)
+            throw new common_1.NotFoundException(`OAuth provider "${provider}" not configured`);
+        const { authorizeUrl, state } = (0, core_1.buildAuthorizeUrl)(spec, cfg);
+        res.cookie(core_1.OAUTH_STATE_COOKIE_PREFIX + provider, state, {
+            httpOnly: true,
+            sameSite: 'lax',
+            secure: this.config.auth?.cookieSecure ?? process.env.NODE_ENV === 'production',
+            maxAge: core_1.OAUTH_STATE_TTL_MS,
+            path: `/auth/${provider}/callback`,
+        });
+        res.redirect(authorizeUrl);
+    }
+    async finishFlow(provider, input) {
+        const spec = (0, core_1.getOAuthProviderSpec)(provider);
+        const cfg = provider === 'google'
+            ? this.config.auth?.google
+            : provider === 'github'
+                ? this.config.auth?.github
+                : undefined;
+        if (!spec || !cfg) {
+            this.redirectFailure(input.res, 'not_configured');
+            return;
+        }
+        const cookieName = core_1.OAUTH_STATE_COOKIE_PREFIX + provider;
+        const cookies = input.req.cookies ?? {};
+        const expectedState = cookies[cookieName];
+        input.res.clearCookie(cookieName, { path: `/auth/${provider}/callback` });
+        let profile;
+        try {
+            profile = await (0, core_1.completeAuthorization)({
+                spec,
+                cfg,
+                returnedState: input.state,
+                expectedState,
+                code: input.code,
+                providerError: input.providerError,
+            });
+        }
+        catch (err) {
+            if (err instanceof core_1.OAuthCallbackError) {
+                this.redirectFailure(input.res, err.code);
+                return;
+            }
+            this.logger.warn(`OAuth callback failed: ${err.message}`);
+            this.redirectFailure(input.res, 'callback_failed');
+            return;
+        }
+        try {
+            const result = await this.auth.signInWithProvider(profile, this.metaFrom(input.req));
+            this.setSessionCookies(input.res, result);
+            input.res.redirect(this.successRedirect());
+        }
+        catch (err) {
+            this.logger.warn(`OAuth signIn failed: ${err.message}`);
+            this.redirectFailure(input.res, 'signin_failed');
+        }
+    }
+    successRedirect() {
+        return this.config.auth?.oauthSuccessRedirect ?? '/';
+    }
+    redirectFailure(res, code) {
+        const base = this.config.auth?.oauthFailureRedirect ?? '/';
+        const sep = base.includes('?') ? '&' : '?';
+        res.redirect(`${base}${sep}auth_error=${encodeURIComponent(code)}`);
+    }
+    metaFrom(req) {
+        return {
+            userAgent: req.headers['user-agent'],
+            ip: req.headers['x-forwarded-for']?.split(',')[0]?.trim() || req.ip,
+        };
+    }
+    setSessionCookies(res, r) {
+        const secure = this.config.auth?.cookieSecure ?? process.env.NODE_ENV === 'production';
+        const accessTtlMs = this.parseAccessTtlMs();
+        const refreshTtlMs = (this.config.auth?.refreshTokenTtlDays ?? 30) * ONE_DAY_MS;
+        const accessName = this.config.auth?.cookieName ?? 'af_session';
+        const refreshName = this.config.auth?.refreshCookieName ?? 'af_refresh';
+        res.cookie(accessName, r.accessToken, {
+            httpOnly: true, secure, sameSite: 'lax', maxAge: accessTtlMs, path: '/',
+        });
+        res.cookie(refreshName, r.refreshToken, {
+            httpOnly: true, secure, sameSite: 'lax', maxAge: refreshTtlMs, path: '/auth',
+        });
+    }
+    parseAccessTtlMs() {
+        const ttl = this.config.auth?.accessTokenTtl ?? '15m';
+        const m = /^(\d+)\s*(s|m|h|d)$/.exec(ttl.trim());
+        if (!m)
+            return ACCESS_COOKIE_DEFAULT_MS;
+        const n = Number(m[1]);
+        switch (m[2]) {
+            case 's': return n * 1000;
+            case 'm': return n * 60_000;
+            case 'h': return n * 3_600_000;
+            case 'd': return n * 86_400_000;
+            default: return ACCESS_COOKIE_DEFAULT_MS;
+        }
+    }
+};
+exports.OAuthController = OAuthController;
+__decorate([
+    (0, public_decorator_1.Public)(),
+    (0, oauth_configured_guard_1.OAuthProvider)('google'),
+    (0, common_1.Get)('google'),
+    (0, common_1.UseGuards)(oauth_configured_guard_1.OAuthConfiguredGuard),
+    (0, swagger_1.ApiOperation)({ summary: 'Begin Google OAuth flow (redirects to Google)' }),
+    __param(0, (0, common_1.Res)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", void 0)
+], OAuthController.prototype, "google", null);
+__decorate([
+    (0, public_decorator_1.Public)(),
+    (0, oauth_configured_guard_1.OAuthProvider)('google'),
+    (0, common_1.Get)('google/callback'),
+    (0, common_1.UseGuards)(oauth_configured_guard_1.OAuthConfiguredGuard),
+    (0, swagger_1.ApiOperation)({ summary: 'Google OAuth callback — issues session cookies and redirects' }),
+    __param(0, (0, common_1.Query)('code')),
+    __param(1, (0, common_1.Query)('state')),
+    __param(2, (0, common_1.Query)('error')),
+    __param(3, (0, common_1.Req)()),
+    __param(4, (0, common_1.Res)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object, Object, Object, Object]),
+    __metadata("design:returntype", Promise)
+], OAuthController.prototype, "googleCallback", null);
+__decorate([
+    (0, public_decorator_1.Public)(),
+    (0, oauth_configured_guard_1.OAuthProvider)('github'),
+    (0, common_1.Get)('github'),
+    (0, common_1.UseGuards)(oauth_configured_guard_1.OAuthConfiguredGuard),
+    (0, swagger_1.ApiOperation)({ summary: 'Begin GitHub OAuth flow (redirects to GitHub)' }),
+    __param(0, (0, common_1.Res)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", void 0)
+], OAuthController.prototype, "github", null);
+__decorate([
+    (0, public_decorator_1.Public)(),
+    (0, oauth_configured_guard_1.OAuthProvider)('github'),
+    (0, common_1.Get)('github/callback'),
+    (0, common_1.UseGuards)(oauth_configured_guard_1.OAuthConfiguredGuard),
+    (0, swagger_1.ApiOperation)({ summary: 'GitHub OAuth callback — issues session cookies and redirects' }),
+    __param(0, (0, common_1.Query)('code')),
+    __param(1, (0, common_1.Query)('state')),
+    __param(2, (0, common_1.Query)('error')),
+    __param(3, (0, common_1.Req)()),
+    __param(4, (0, common_1.Res)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object, Object, Object, Object]),
+    __metadata("design:returntype", Promise)
+], OAuthController.prototype, "githubCallback", null);
+exports.OAuthController = OAuthController = OAuthController_1 = __decorate([
+    (0, swagger_1.ApiTags)('Auth (OAuth)'),
+    (0, common_1.Controller)('auth'),
+    __param(0, (0, common_1.Inject)(constants_1.AGENT_FORGE_CONFIG)),
+    __metadata("design:paramtypes", [Object, core_1.AuthService])
+], OAuthController);
+//# sourceMappingURL=oauth.controller.js.map

package/dist/modules/auth/oauth.controller.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.controller.js","sourceRoot":"","sources":["../../../src/modules/auth/oauth.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAUwB;AACxB,6CAAwD;AAExD,2CAS0B;AAE1B,oEAAuD;AACvD,4EAAsF;AACtF,+CAAqD;AAGrD,MAAM,wBAAwB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAChD,MAAM,UAAU,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAUhC,IAAM,eAAe,uBAArB,MAAM,eAAe;IAG1B,YAC8B,MAAyC,EACpD,IAAiB;QADW,WAAM,GAAN,MAAM,CAAkB;QACpD,SAAI,GAAJ,IAAI,CAAa;QAJnB,WAAM,GAAG,IAAI,eAAM,CAAC,iBAAe,CAAC,IAAI,CAAC,CAAC;IAKxD,CAAC;IASJ,MAAM,CAAQ,GAAa;QACzB,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IAChC,CAAC;IAOD,cAAc,CACG,IAAwB,EACvB,KAAyB,EACzB,aAAiC,EAC1C,GAAY,EACZ,GAAa;QAEpB,OAAO,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,aAAa,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;IAC7E,CAAC;IASD,MAAM,CAAQ,GAAa;QACzB,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IAChC,CAAC;IAOD,cAAc,CACG,IAAwB,EACvB,KAAyB,EACzB,aAAiC,EAC1C,GAAY,EACZ,GAAa;QAEpB,OAAO,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,aAAa,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;IAC7E,CAAC;IAIO,SAAS,CAAC,QAA0B,EAAE,GAAa;QACzD,MAAM,IAAI,GAAG,IAAA,2BAAoB,EAAC,QAAQ,CAAC,CAAC;QAC5C,MAAM,GAAG,GACP,QAAQ,KAAK,QAAQ;YACnB,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM;YAC1B,CAAC,CAAC,QAAQ,KAAK,QAAQ;gBACrB,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM;gBAC1B,CAAC,CAAC,SAAS,CAAC;QAGlB,IAAI,CAAC,IAAI,IAAI,CAAC,GAAG;YAAE,MAAM,IAAI,0BAAiB,CAAC,mBAAmB,QAAQ,kBAAkB,CAAC,CAAC;QAE9F,MAAM,EAAE,YAAY,EAAE,KAAK,EAAE,GAAG,IAAA,wBAAiB,EAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAC7D,GAAG,CAAC,MAAM,CAAC,gCAAyB,GAAG,QAAQ,EAAE,KAAK,EAAE;YACtD,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;YAC/E,MAAM,EAAE,yBAAkB;YAC1B,IAAI,EAAE,SAAS,QAAQ,WAAW;SACnC,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;IAC7B,CAAC;IAEO,KAAK,CAAC,UAAU,CACtB,QAA0B,EAC1B,KAMC;QAED,MAAM,IAAI,GAAG,IAAA,2BAAoB,EAAC,QAAQ,CAAC,CAAC;QAC5C,MAAM,GAAG,GACP,QAAQ,KAAK,QAAQ;YACnB,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM;YAC1B,CAAC,CAAC,QAAQ,KAAK,QAAQ;gBACrB,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM;gBAC1B,CAAC,CAAC,SAAS,CAAC;QAClB,IAAI,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;YAClB,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;YAClD,OAAO;QACT,CAAC;QAED,MAAM,UAAU,GAAG,gCAAyB,GAAG,QAAQ,CAAC;QACxD,MAAM,OAAO,GACV,KAAK,CAAC,GAAsD,CAAC,OAAO,IAAI,EAAE,CAAC;QAC9E,MAAM,aAAa,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;QAE1C,KAAK,CAAC,GAAG,CAAC,WAAW,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,SAAS,QAAQ,WAAW,EAAE,CAAC,CAAC;QAE1E,IAAI,OAA+B,CAAC;QACpC,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,IAAA,4BAAqB,EAAC;gBACpC,IAAI;gBACJ,GAAG;gBACH,aAAa,EAAE,KAAK,CAAC,KAAK;gBAC1B,aAAa;gBACb,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,aAAa,EAAE,KAAK,CAAC,aAAa;aACnC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,yBAAkB,EAAE,CAAC;gBACtC,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;gBAC1C,OAAO;YACT,CAAC;YACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0BAA2B,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;YACrE,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,GAAG,EAAE,iBAAiB,CAAC,CAAC;YACnD,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;YACrF,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YAC1C,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC,CAAC;QAC7C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,wBAAyB,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;YACnE,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAIO,eAAe;QACrB,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,oBAAoB,IAAI,GAAG,CAAC;IACvD,CAAC;IAEO,eAAe,CAAC,GAAa,EAAE,IAAY;QACjD,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,oBAAoB,IAAI,GAAG,CAAC;QAC3D,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QAC3C,GAAG,CAAC,QAAQ,CAAC,GAAG,IAAI,GAAG,GAAG,cAAc,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACtE,CAAC;IAEO,QAAQ,CAAC,GAAY;QAC3B,OAAO;YACL,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC;YACpC,EAAE,EAAG,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAY,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,GAAG,CAAC,EAAE;SAChF,CAAC;IACJ,CAAC;IAEO,iBAAiB,CACvB,GAAa,EACb,CAAgD;QAEhD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAC;QACvF,MAAM,WAAW,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC5C,MAAM,YAAY,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,mBAAmB,IAAI,EAAE,CAAC,GAAG,UAAU,CAAC;QAChF,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,UAAU,IAAI,YAAY,CAAC;QAChE,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,iBAAiB,IAAI,YAAY,CAAC;QAExE,GAAG,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,WAAW,EAAE;YACpC,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,GAAG;SACxE,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC,YAAY,EAAE;YACtC,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,IAAI,EAAE,OAAO;SAC7E,CAAC,CAAC;IACL,CAAC;IAEO,gBAAgB;QACtB,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,cAAc,IAAI,KAAK,CAAC;QACtD,MAAM,CAAC,GAAG,qBAAqB,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;QACjD,IAAI,CAAC,CAAC;YAAE,OAAO,wBAAwB,CAAC;QACxC,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACvB,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACb,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC;YAC1B,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,MAAM,CAAC;YAC5B,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,SAAS,CAAC;YAC/B,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,UAAU,CAAC;YAChC,OAAO,CAAC,CAAC,OAAO,wBAAwB,CAAC;QAC3C,CAAC;IACH,CAAC;CACF,CAAA;AAlMY,0CAAe;AAe1B;IALC,IAAA,yBAAM,GAAE;IACR,IAAA,sCAAa,EAAC,QAAQ,CAAC;IACvB,IAAA,YAAG,EAAC,QAAQ,CAAC;IACb,IAAA,kBAAS,EAAC,6CAAoB,CAAC;IAC/B,IAAA,sBAAY,EAAC,EAAE,OAAO,EAAE,+CAA+C,EAAE,CAAC;IACnE,WAAA,IAAA,YAAG,GAAE,CAAA;;;;6CAEZ;AAOD;IALC,IAAA,yBAAM,GAAE;IACR,IAAA,sCAAa,EAAC,QAAQ,CAAC;IACvB,IAAA,YAAG,EAAC,iBAAiB,CAAC;IACtB,IAAA,kBAAS,EAAC,6CAAoB,CAAC;IAC/B,IAAA,sBAAY,EAAC,EAAE,OAAO,EAAE,8DAA8D,EAAE,CAAC;IAEvF,WAAA,IAAA,cAAK,EAAC,MAAM,CAAC,CAAA;IACb,WAAA,IAAA,cAAK,EAAC,OAAO,CAAC,CAAA;IACd,WAAA,IAAA,cAAK,EAAC,OAAO,CAAC,CAAA;IACd,WAAA,IAAA,YAAG,GAAE,CAAA;IACL,WAAA,IAAA,YAAG,GAAE,CAAA;;;;qDAGP;AASD;IALC,IAAA,yBAAM,GAAE;IACR,IAAA,sCAAa,EAAC,QAAQ,CAAC;IACvB,IAAA,YAAG,EAAC,QAAQ,CAAC;IACb,IAAA,kBAAS,EAAC,6CAAoB,CAAC;IAC/B,IAAA,sBAAY,EAAC,EAAE,OAAO,EAAE,+CAA+C,EAAE,CAAC;IACnE,WAAA,IAAA,YAAG,GAAE,CAAA;;;;6CAEZ;AAOD;IALC,IAAA,yBAAM,GAAE;IACR,IAAA,sCAAa,EAAC,QAAQ,CAAC;IACvB,IAAA,YAAG,EAAC,iBAAiB,CAAC;IACtB,IAAA,kBAAS,EAAC,6CAAoB,CAAC;IAC/B,IAAA,sBAAY,EAAC,EAAE,OAAO,EAAE,8DAA8D,EAAE,CAAC;IAEvF,WAAA,IAAA,cAAK,EAAC,MAAM,CAAC,CAAA;IACb,WAAA,IAAA,cAAK,EAAC,OAAO,CAAC,CAAA;IACd,WAAA,IAAA,cAAK,EAAC,OAAO,CAAC,CAAA;IACd,WAAA,IAAA,YAAG,GAAE,CAAA;IACL,WAAA,IAAA,YAAG,GAAE,CAAA;;;;qDAGP;0BA1DU,eAAe;IAF3B,IAAA,iBAAO,EAAC,cAAc,CAAC;IACvB,IAAA,mBAAU,EAAC,MAAM,CAAC;IAKd,WAAA,IAAA,eAAM,EAAC,8BAAkB,CAAC,CAAA;6CACJ,kBAAW;GALzB,eAAe,CAkM3B"}

package/dist/modules/auth/refresh-token.service.d.ts

@@ -0,0 +1,2 @@
+export { RefreshTokenService, RefreshTokenError, } from '@agentforge/core';
+export type { MintedRefreshToken, IssueOptions, RefreshTokenServiceOptions, } from '@agentforge/core';

package/dist/modules/auth/refresh-token.service.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RefreshTokenError = exports.RefreshTokenService = void 0;
+var core_1 = require("@agentforge/core");
+Object.defineProperty(exports, "RefreshTokenService", { enumerable: true, get: function () { return core_1.RefreshTokenService; } });
+Object.defineProperty(exports, "RefreshTokenError", { enumerable: true, get: function () { return core_1.RefreshTokenError; } });
+//# sourceMappingURL=refresh-token.service.js.map

package/dist/modules/auth/refresh-token.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"refresh-token.service.js","sourceRoot":"","sources":["../../../src/modules/auth/refresh-token.service.ts"],"names":[],"mappings":";;;AAAA,yCAG0B;AAFxB,2GAAA,mBAAmB,OAAA;AACnB,yGAAA,iBAAiB,OAAA"}

package/dist/modules/auth/strategies/github.strategy.d.ts

@@ -0,0 +1,12 @@
+import { Strategy, type Profile } from 'passport-github2';
+import type { AgentForgeConfig } from '../../../types';
+import type { NormalizedOAuthProfile } from './google.strategy';
+declare const GithubStrategy_base: new (...args: [options: import("passport-github2").StrategyOptionsWithRequest] | [options: import("passport-github2").StrategyOptions]) => Strategy & {
+    validate(...args: any[]): unknown;
+};
+export declare class GithubStrategy extends GithubStrategy_base {
+    private readonly logger;
+    constructor(config: AgentForgeConfig);
+    validate(_accessToken: string, _refreshToken: string, profile: Profile): Promise<NormalizedOAuthProfile>;
+}
+export {};

package/dist/modules/auth/strategies/github.strategy.js

@@ -0,0 +1,57 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+var GithubStrategy_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GithubStrategy = void 0;
+const common_1 = require("@nestjs/common");
+const passport_1 = require("@nestjs/passport");
+const passport_github2_1 = require("passport-github2");
+const constants_1 = require("../../../constants");
+let GithubStrategy = GithubStrategy_1 = class GithubStrategy extends (0, passport_1.PassportStrategy)(passport_github2_1.Strategy, 'agentforge-github') {
+    constructor(config) {
+        const github = config.auth?.github;
+        if (!github?.clientId || !github?.clientSecret || !github?.callbackURL) {
+            throw new Error('AgentForge GitHub OAuth: clientId, clientSecret, and callbackURL are required when "github" is in auth.strategies');
+        }
+        super({
+            clientID: github.clientId,
+            clientSecret: github.clientSecret,
+            callbackURL: github.callbackURL,
+            scope: ['user:email'],
+        });
+        this.logger = new common_1.Logger(GithubStrategy_1.name);
+    }
+    async validate(_accessToken, _refreshToken, profile) {
+        const primaryEmail = profile.emails?.[0];
+        return {
+            provider: 'github',
+            providerId: profile.id,
+            email: primaryEmail?.value,
+            emailVerified: true,
+            name: profile.displayName || profile.username,
+            metadata: {
+                username: profile.username,
+                avatar: profile.photos?.[0]?.value,
+                profileUrl: profile.profileUrl,
+            },
+        };
+    }
+};
+exports.GithubStrategy = GithubStrategy;
+exports.GithubStrategy = GithubStrategy = GithubStrategy_1 = __decorate([
+    (0, common_1.Injectable)(),
+    __param(0, (0, common_1.Inject)(constants_1.AGENT_FORGE_CONFIG)),
+    __metadata("design:paramtypes", [Object])
+], GithubStrategy);
+//# sourceMappingURL=github.strategy.js.map

package/dist/modules/auth/strategies/github.strategy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"github.strategy.js","sourceRoot":"","sources":["../../../../src/modules/auth/strategies/github.strategy.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAA4D;AAC5D,+CAAoD;AACpD,uDAA0D;AAC1D,kDAAwD;AAajD,IAAM,cAAc,sBAApB,MAAM,cAAe,SAAQ,IAAA,2BAAgB,EAAC,2BAAQ,EAAE,mBAAmB,CAAC;IAGjF,YAAwC,MAAwB;QAC9D,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC;QACnC,IAAI,CAAC,MAAM,EAAE,QAAQ,IAAI,CAAC,MAAM,EAAE,YAAY,IAAI,CAAC,MAAM,EAAE,WAAW,EAAE,CAAC;YACvE,MAAM,IAAI,KAAK,CACb,mHAAmH,CACpH,CAAC;QACJ,CAAC;QACD,KAAK,CAAC;YACJ,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,WAAW,EAAE,MAAM,CAAC,WAAW;YAE/B,KAAK,EAAE,CAAC,YAAY,CAAC;SACtB,CAAC,CAAC;QAfY,WAAM,GAAG,IAAI,eAAM,CAAC,gBAAc,CAAC,IAAI,CAAC,CAAC;IAgB1D,CAAC;IAED,KAAK,CAAC,QAAQ,CACZ,YAAoB,EACpB,aAAqB,EACrB,OAAgB;QAEhB,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;QACzC,OAAO;YACL,QAAQ,EAAE,QAAQ;YAClB,UAAU,EAAE,OAAO,CAAC,EAAE;YACtB,KAAK,EAAE,YAAY,EAAE,KAAK;YAI1B,aAAa,EAAE,IAAI;YACnB,IAAI,EAAE,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,QAAQ;YAC7C,QAAQ,EAAE;gBACR,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK;gBAClC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B;SACF,CAAC;IACJ,CAAC;CACF,CAAA;AAzCY,wCAAc;yBAAd,cAAc;IAD1B,IAAA,mBAAU,GAAE;IAIE,WAAA,IAAA,eAAM,EAAC,8BAAkB,CAAC,CAAA;;GAH5B,cAAc,CAyC1B"}

package/dist/modules/auth/strategies/google.strategy.d.ts

@@ -0,0 +1,19 @@
+import { Strategy, type Profile } from 'passport-google-oauth20';
+import type { AgentForgeConfig } from '../../../types';
+export interface NormalizedOAuthProfile {
+    provider: string;
+    providerId: string;
+    email?: string;
+    emailVerified?: boolean;
+    name?: string;
+    metadata?: Record<string, unknown>;
+}
+declare const GoogleStrategy_base: new (...args: [options: import("passport-google-oauth20").StrategyOptionsWithRequest] | [options: import("passport-google-oauth20").StrategyOptions] | [options: import("passport-google-oauth20").StrategyOptions] | [options: import("passport-google-oauth20").StrategyOptionsWithRequest]) => Strategy & {
+    validate(...args: any[]): unknown;
+};
+export declare class GoogleStrategy extends GoogleStrategy_base {
+    private readonly logger;
+    constructor(config: AgentForgeConfig);
+    validate(_accessToken: string, _refreshToken: string, profile: Profile): Promise<NormalizedOAuthProfile>;
+}
+export {};

package/dist/modules/auth/strategies/google.strategy.js

@@ -0,0 +1,56 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+var GoogleStrategy_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GoogleStrategy = void 0;
+const common_1 = require("@nestjs/common");
+const passport_1 = require("@nestjs/passport");
+const passport_google_oauth20_1 = require("passport-google-oauth20");
+const constants_1 = require("../../../constants");
+let GoogleStrategy = GoogleStrategy_1 = class GoogleStrategy extends (0, passport_1.PassportStrategy)(passport_google_oauth20_1.Strategy, 'agentforge-google') {
+    constructor(config) {
+        const google = config.auth?.google;
+        if (!google?.clientId || !google?.clientSecret || !google?.callbackURL) {
+            throw new Error('AgentForge Google OAuth: clientId, clientSecret, and callbackURL are required when "google" is in auth.strategies');
+        }
+        super({
+            clientID: google.clientId,
+            clientSecret: google.clientSecret,
+            callbackURL: google.callbackURL,
+            scope: ['email', 'profile'],
+        });
+        this.logger = new common_1.Logger(GoogleStrategy_1.name);
+    }
+    async validate(_accessToken, _refreshToken, profile) {
+        const primaryEmail = profile.emails?.[0];
+        return {
+            provider: 'google',
+            providerId: profile.id,
+            email: primaryEmail?.value,
+            emailVerified: primaryEmail?.verified ?? true,
+            name: profile.displayName,
+            metadata: {
+                avatar: profile.photos?.[0]?.value,
+                locale: profile._json?.locale,
+            },
+        };
+    }
+};
+exports.GoogleStrategy = GoogleStrategy;
+exports.GoogleStrategy = GoogleStrategy = GoogleStrategy_1 = __decorate([
+    (0, common_1.Injectable)(),
+    __param(0, (0, common_1.Inject)(constants_1.AGENT_FORGE_CONFIG)),
+    __metadata("design:paramtypes", [Object])
+], GoogleStrategy);
+//# sourceMappingURL=google.strategy.js.map

package/dist/modules/auth/strategies/google.strategy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"google.strategy.js","sourceRoot":"","sources":["../../../../src/modules/auth/strategies/google.strategy.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAA4D;AAC5D,+CAAoD;AACpD,qEAAiE;AACjE,kDAAwD;AAqBjD,IAAM,cAAc,sBAApB,MAAM,cAAe,SAAQ,IAAA,2BAAgB,EAAC,kCAAQ,EAAE,mBAAmB,CAAC;IAGjF,YAAwC,MAAwB;QAC9D,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC;QACnC,IAAI,CAAC,MAAM,EAAE,QAAQ,IAAI,CAAC,MAAM,EAAE,YAAY,IAAI,CAAC,MAAM,EAAE,WAAW,EAAE,CAAC;YACvE,MAAM,IAAI,KAAK,CACb,mHAAmH,CACpH,CAAC;QACJ,CAAC;QACD,KAAK,CAAC;YACJ,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,KAAK,EAAE,CAAC,OAAO,EAAE,SAAS,CAAC;SAC5B,CAAC,CAAC;QAdY,WAAM,GAAG,IAAI,eAAM,CAAC,gBAAc,CAAC,IAAI,CAAC,CAAC;IAe1D,CAAC;IAED,KAAK,CAAC,QAAQ,CACZ,YAAoB,EACpB,aAAqB,EACrB,OAAgB;QAEhB,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;QACzC,OAAO;YACL,QAAQ,EAAE,QAAQ;YAClB,UAAU,EAAE,OAAO,CAAC,EAAE;YACtB,KAAK,EAAE,YAAY,EAAE,KAAK;YAC1B,aAAa,EAAG,YAAkD,EAAE,QAAQ,IAAI,IAAI;YACpF,IAAI,EAAE,OAAO,CAAC,WAAW;YACzB,QAAQ,EAAE;gBACR,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK;gBAClC,MAAM,EAAG,OAAsD,CAAC,KAAK,EAAE,MAAM;aAC9E;SACF,CAAC;IACJ,CAAC;CACF,CAAA;AApCY,wCAAc;yBAAd,cAAc;IAD1B,IAAA,mBAAU,GAAE;IAIE,WAAA,IAAA,eAAM,EAAC,8BAAkB,CAAC,CAAA;;GAH5B,cAAc,CAoC1B"}

package/dist/modules/auth/strategies/jwt.strategy.d.ts

@@ -0,0 +1,18 @@
+import { Strategy } from 'passport-jwt';
+import { AuthService } from '../auth.service';
+import type { AgentForgeConfig } from '../../../types';
+import type { AuthUser } from '../decorators/current-user.decorator';
+interface JwtPayload {
+    sub: string;
+    email?: string;
+    name?: string;
+}
+declare const JwtStrategy_base: new (...args: [opt: import("passport-jwt").StrategyOptionsWithoutRequest] | [opt: import("passport-jwt").StrategyOptionsWithRequest]) => Strategy & {
+    validate(...args: any[]): unknown;
+};
+export declare class JwtStrategy extends JwtStrategy_base {
+    private readonly auth;
+    constructor(config: AgentForgeConfig, auth: AuthService);
+    validate(payload: JwtPayload): Promise<AuthUser>;
+}
+export {};

package/dist/modules/auth/strategies/jwt.strategy.js

@@ -0,0 +1,49 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JwtStrategy = void 0;
+const common_1 = require("@nestjs/common");
+const passport_1 = require("@nestjs/passport");
+const passport_jwt_1 = require("passport-jwt");
+const auth_service_1 = require("../auth.service");
+const constants_1 = require("../../../constants");
+let JwtStrategy = class JwtStrategy extends (0, passport_1.PassportStrategy)(passport_jwt_1.Strategy, 'agentforge-jwt') {
+    constructor(config, auth) {
+        const cookieName = config.auth?.cookieName ?? 'af_session';
+        super({
+            jwtFromRequest: passport_jwt_1.ExtractJwt.fromExtractors([
+                passport_jwt_1.ExtractJwt.fromAuthHeaderAsBearerToken(),
+                (req) => (req?.cookies && req.cookies[cookieName]) || null,
+            ]),
+            ignoreExpiration: false,
+            secretOrKey: config.auth?.jwtSecret ?? 'unset-secret',
+        });
+        this.auth = auth;
+    }
+    async validate(payload) {
+        if (!payload?.sub)
+            throw new common_1.UnauthorizedException();
+        const user = await this.auth.getById(payload.sub);
+        if (!user)
+            throw new common_1.UnauthorizedException('User no longer exists or is disabled');
+        return user;
+    }
+};
+exports.JwtStrategy = JwtStrategy;
+exports.JwtStrategy = JwtStrategy = __decorate([
+    (0, common_1.Injectable)(),
+    __param(0, (0, common_1.Inject)(constants_1.AGENT_FORGE_CONFIG)),
+    __metadata("design:paramtypes", [Object, auth_service_1.AuthService])
+], JwtStrategy);
+//# sourceMappingURL=jwt.strategy.js.map

package/dist/modules/auth/strategies/jwt.strategy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.strategy.js","sourceRoot":"","sources":["../../../../src/modules/auth/strategies/jwt.strategy.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAA2E;AAC3E,+CAAoD;AACpD,+CAAoD;AAEpD,kDAA8C;AAC9C,kDAAwD;AAWjD,IAAM,WAAW,GAAjB,MAAM,WAAY,SAAQ,IAAA,2BAAgB,EAAC,uBAAQ,EAAE,gBAAgB,CAAC;IAC3E,YAC8B,MAAwB,EACnC,IAAiB;QAElC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,EAAE,UAAU,IAAI,YAAY,CAAC;QAC3D,KAAK,CAAC;YACJ,cAAc,EAAE,yBAAU,CAAC,cAAc,CAAC;gBACxC,yBAAU,CAAC,2BAA2B,EAAE;gBACxC,CAAC,GAAY,EAAE,EAAE,CACf,CAAC,GAAG,EAAE,OAAO,IAAK,GAAG,CAAC,OAAkC,CAAC,UAAU,CAAC,CAAC,IAAI,IAAI;aAChF,CAAC;YACF,gBAAgB,EAAE,KAAK;YACvB,WAAW,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,IAAI,cAAc;SACtD,CAAC,CAAC;QAXc,SAAI,GAAJ,IAAI,CAAa;IAYpC,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,OAAmB;QAChC,IAAI,CAAC,OAAO,EAAE,GAAG;YAAE,MAAM,IAAI,8BAAqB,EAAE,CAAC;QACrD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAClD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,8BAAqB,CAAC,sCAAsC,CAAC,CAAC;QACnF,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAA;AAvBY,kCAAW;sBAAX,WAAW;IADvB,IAAA,mBAAU,GAAE;IAGR,WAAA,IAAA,eAAM,EAAC,8BAAkB,CAAC,CAAA;6CACJ,0BAAW;GAHzB,WAAW,CAuBvB"}

package/dist/modules/auth/strategies/local.strategy.d.ts

@@ -0,0 +1,11 @@
+import { Strategy } from 'passport-local';
+import { AuthService } from '../auth.service';
+declare const LocalStrategy_base: new (...args: [] | [options: import("passport-local").IStrategyOptionsWithRequest] | [options: import("passport-local").IStrategyOptions]) => Strategy & {
+    validate(...args: any[]): unknown;
+};
+export declare class LocalStrategy extends LocalStrategy_base {
+    private readonly auth;
+    constructor(auth: AuthService);
+    validate(email: string, password: string): Promise<import("@agentforge/core").User>;
+}
+export {};

package/dist/modules/auth/strategies/local.strategy.js

@@ -0,0 +1,31 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LocalStrategy = void 0;
+const common_1 = require("@nestjs/common");
+const passport_1 = require("@nestjs/passport");
+const passport_local_1 = require("passport-local");
+const auth_service_1 = require("../auth.service");
+let LocalStrategy = class LocalStrategy extends (0, passport_1.PassportStrategy)(passport_local_1.Strategy, 'agentforge-local') {
+    constructor(auth) {
+        super({ usernameField: 'email', passwordField: 'password' });
+        this.auth = auth;
+    }
+    async validate(email, password) {
+        return this.auth.validateCredentials(email, password);
+    }
+};
+exports.LocalStrategy = LocalStrategy;
+exports.LocalStrategy = LocalStrategy = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [auth_service_1.AuthService])
+], LocalStrategy);
+//# sourceMappingURL=local.strategy.js.map

package/dist/modules/auth/strategies/local.strategy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"local.strategy.js","sourceRoot":"","sources":["../../../../src/modules/auth/strategies/local.strategy.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAA4C;AAC5C,+CAAoD;AACpD,mDAA0C;AAC1C,kDAA8C;AAGvC,IAAM,aAAa,GAAnB,MAAM,aAAc,SAAQ,IAAA,2BAAgB,EAAC,yBAAQ,EAAE,kBAAkB,CAAC;IAC/E,YAA6B,IAAiB;QAC5C,KAAK,CAAC,EAAE,aAAa,EAAE,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,CAAC,CAAC;QADlC,SAAI,GAAJ,IAAI,CAAa;IAE9C,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,KAAa,EAAE,QAAgB;QAC5C,OAAO,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IACxD,CAAC;CACF,CAAA;AARY,sCAAa;wBAAb,aAAa;IADzB,IAAA,mBAAU,GAAE;qCAEwB,0BAAW;GADnC,aAAa,CAQzB"}

package/dist/modules/billing/adapters/billing-adapter.interface.d.ts

@@ -0,0 +1 @@
+export { BILLING_ADAPTER, type IBillingAdapter } from '@agentforge/core';

package/dist/modules/billing/adapters/billing-adapter.interface.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BILLING_ADAPTER = void 0;
+var core_1 = require("@agentforge/core");
+Object.defineProperty(exports, "BILLING_ADAPTER", { enumerable: true, get: function () { return core_1.BILLING_ADAPTER; } });
+//# sourceMappingURL=billing-adapter.interface.js.map

package/dist/modules/billing/adapters/billing-adapter.interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"billing-adapter.interface.js","sourceRoot":"","sources":["../../../../src/modules/billing/adapters/billing-adapter.interface.ts"],"names":[],"mappings":";;;AAEA,yCAAyE;AAAhE,uGAAA,eAAe,OAAA"}

package/dist/modules/billing/adapters/stripe/stripe.adapter.d.ts

@@ -0,0 +1,19 @@
+import Stripe from 'stripe';
+import type { IBillingAdapter } from '../billing-adapter.interface';
+import type { CheckoutSession, CreateCheckoutParams, CreateCustomerParams, CreateSubscriptionParams, PlanDefinition, StripeConfig, SubscriptionResult, WebhookEvent } from '../../../../types';
+export declare class StripeAdapter implements IBillingAdapter {
+    private readonly logger;
+    private readonly stripe;
+    private readonly plans;
+    constructor(config: StripeConfig, plans?: PlanDefinition[]);
+    createCustomer(params: CreateCustomerParams): Promise<string>;
+    createCheckoutSession(params: CreateCheckoutParams): Promise<CheckoutSession>;
+    createSubscription(params: CreateSubscriptionParams): Promise<SubscriptionResult>;
+    cancelSubscription(subscriptionId: string, atPeriodEnd?: boolean): Promise<void>;
+    getSubscription(subscriptionId: string): Promise<SubscriptionResult & {
+        status: string;
+    }>;
+    getPortalUrl(customerId: string, returnUrl: string): Promise<string>;
+    handleWebhook(payload: Buffer, signature: string): Promise<WebhookEvent>;
+    getStripeInstance(): Stripe;
+}